Comments

On Thu, 26 Jan 2012, Joakim Tjernlund wrote:
> I think I found one bug by looking at the patch. You need 2 buffers, one
> that holds the latest compressed data and one working buffer.

Thanks, I think you're right. Here's an updated patch.

- Paul

From: Paul Walmsley <paul@pwsan.com>
Date: Thu, 26 Jan 2012 08:12:09 -0700
Subject: [PATCH v2] fs: jffs2: compression: fix some (but not all) races in jffs2_compress()

There is a nasty race in jffs2_compress() when JFFS2_COMPR_MODE_SIZE
or JFFS2_COMPR_MODE_FAVOURLZO is selected and multiple jffs2
filesystems are in use. The compressor buffer is shared among all
users of the compressor, and the buffer is freed and allocated without
holding any lock. This could result in NULL pointer dereferences, or,
worse, corrupted data.

There doesn't appear to be any point in having a compression buffer
shared by all users of the compressor. So remove this, and instead
use a buffer that is local to the jffs2_compress() call. This
simplifies the locking in this function considerably.

There's at least one race left in this function, between it and
jffs2_unregister_compressor(). That's left for someone else to fix.
Until then, it is suggested that compressors should not be registered
or unregistered while any JFFS2 filesystems are mounted.

This patch is COMPLETELY UNTESTED. It could easily DESTROY THE
FILESYSTEM and CORRUPT DATA, so don't use it unless it's been tested
thoroughly and the code has been reviewed by JFFS2 experts.

This patch was developed in collaboration with Orjan Friberg
<of@flatfrog.com> and Joakim Tjernlund <joakim.tjernlund@transmode.se>.

Not-signed-off-by: Paul Walmsley <paul@pwsan.com>
Cc: Orjan Friberg <of@flatfrog.com>
Cc: Joakim Tjernlund <joakim.tjernlund@transmode.se>
Cc: Richard Purdie <rpurdie@openedhand.com>
Cc: David Woodhouse <dwmw2@infradead.org>
---
fs/jffs2/compr.c | 73 ++++++++++++++++++++++++-----------------------------
fs/jffs2/compr.h | 2 -
2 files changed, 33 insertions(+), 42 deletions(-)
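
The failure mode the commit message describes, as an added user-space model (not part of the patch or of the JFFS2 sources): two callers share one buffer slot that is freed and reallocated without a lock, compared with one slot per call. The names `stage`, `emit`, `run_interleaved` and the sample strings are hypothetical, and the interleaving is fixed by hand so the outcome is deterministic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed user-space model, not kernel code: "compression" is a copy.
 * Step 1: drop the slot's old buffer, allocate a new one, fill it from in. */
static int stage(char **slot, const char *in)
{
    size_t len = strlen(in) + 1;
    free(*slot);    /* a shared slot may still be in use by another caller */
    *slot = malloc(len);
    if (!*slot)
        return -1;
    memcpy(*slot, in, len);
    return 0;
}

/* Step 2: hand the result out, release the slot; -1 models the NULL deref. */
static int emit(char **slot, char *out, size_t outlen)
{
    if (!*slot)
        return -1;
    snprintf(out, outlen, "%s", *slot);
    free(*slot);
    *slot = NULL;
    return 0;
}

/* Callers A and B run as A1, B1, A2, B2. shared != 0: one slot for both;
 * shared == 0: one slot per call.
 * Result bits: 1 = A got data that is not its own, 2 = B found NULL. */
int run_interleaved(int shared)
{
    char *slot_a = NULL, *slot_b = NULL;
    char **a = &slot_a, **b = shared ? &slot_a : &slot_b;
    char out_a[32] = "", out_b[32] = "";
    int result = 0;
    if (stage(a, "inode-data-fs-A") || stage(b, "inode-data-fs-B"))
        return -1;
    if (emit(a, out_a, sizeof out_a) || strcmp(out_a, "inode-data-fs-A"))
        result |= 1;
    if (emit(b, out_b, sizeof out_b))
        result |= 2;
    return result;
}

int main(void)
{
    printf("shared: %d, per-call: %d\n", run_interleaved(1), run_interleaved(0));
    return 0;
}
```

With the shared slot, caller A is handed caller B's data and B then finds the slot empty, which are the two outcomes the commit message names; with one slot per call the same interleaving is harmless.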